From c75a15a48981628e77d4178476c121693a656814 Mon Sep 17 00:00:00 2001 From: Matt Riedemann Date: Sun, 30 Mar 2014 14:40:38 -0700 Subject: [PATCH] Rename NotAuthorized exception to Forbidden The NotAuthorized NovaException has an internal code of 403 which is actually Forbidden, so rename it appropriately. This patch doesn't change the external behavior, the status code in responses will still be 403 but the exception is just named properly. This is also necessary to create an actual Unauthorized NovaException with code 401 for use in some Neutron API bug fixes for more granular error handling from python-neutronclient. Related-Bug: #1298075 Change-Id: I691fac2e2c797f47c04da7965d7b1c8685c74edb --- nova/api/ec2/__init__.py | 2 +- nova/api/ec2/cloud.py | 2 +- .../openstack/compute/contrib/floating_ips.py | 4 ++-- nova/api/openstack/compute/contrib/quotas.py | 8 ++++---- .../openstack/compute/plugins/v3/quota_sets.py | 10 +++++----- nova/api/openstack/extensions.py | 2 +- nova/api/openstack/wsgi.py | 2 +- nova/context.py | 16 ++++++++-------- nova/exception.py | 8 ++++---- nova/image/glance.py | 2 +- nova/keymgr/mock_key_mgr.py | 16 ++++++++-------- nova/keymgr/single_key_mgr.py | 2 +- nova/network/floating_ips.py | 6 +++--- .../compute/contrib/test_flavors_extra_specs.py | 6 +++--- .../compute/contrib/test_floating_ips.py | 4 ++-- .../api/openstack/compute/contrib/test_fping.py | 2 +- .../compute/contrib/test_instance_actions.py | 4 ++-- .../openstack/compute/contrib/test_keypairs.py | 8 ++++---- .../api/openstack/compute/contrib/test_shelve.py | 12 ++++++------ .../compute/plugins/v3/test_extension_info.py | 2 +- .../plugins/v3/test_flavors_extra_specs.py | 6 +++--- .../compute/plugins/v3/test_instance_actions.py | 4 ++-- .../compute/plugins/v3/test_keypairs.py | 8 ++++---- .../openstack/compute/plugins/v3/test_shelve.py | 12 ++++++------ nova/tests/api/openstack/test_wsgi.py | 2 +- nova/tests/compute/test_compute.py | 2 +- nova/tests/db/test_db_api.py | 6 +++--- nova/tests/image/test_glance.py | 4 ++-- nova/tests/keymgr/test_mock_key_mgr.py | 10 +++++----- nova/tests/keymgr/test_single_key_mgr.py | 2 +- nova/tests/network/test_manager.py | 10 +++++----- 31 files changed, 92 insertions(+), 92 deletions(-) diff --git a/nova/api/ec2/__init__.py b/nova/api/ec2/__init__.py index ec8b4da5e923..06d23710c0a2 100644 --- a/nova/api/ec2/__init__.py +++ b/nova/api/ec2/__init__.py @@ -562,7 +562,7 @@ class Executor(wsgi.Application): exception.MissingParameter, exception.NoFloatingIpInterface, exception.NoMoreFixedIps, - exception.NotAuthorized, + exception.Forbidden, exception.QuotaError, exception.SecurityGroupExists, exception.SecurityGroupLimitExceeded, diff --git a/nova/api/ec2/cloud.py b/nova/api/ec2/cloud.py index 5df446f7850c..392b2005e251 100644 --- a/nova/api/ec2/cloud.py +++ b/nova/api/ec2/cloud.py @@ -1657,7 +1657,7 @@ class CloudController(object): return self.image_service.update(context, internal_id, image) except exception.ImageNotAuthorized: msg = _('Not allowed to modify attributes for image %s') % image_id - raise exception.NotAuthorized(message=msg) + raise exception.Forbidden(message=msg) def update_image(self, context, image_id, **kwargs): internal_id = ec2utils.ec2_id_to_id(image_id) diff --git a/nova/api/openstack/compute/contrib/floating_ips.py b/nova/api/openstack/compute/contrib/floating_ips.py index 714f96b88655..380bcc9bffba 100644 --- a/nova/api/openstack/compute/contrib/floating_ips.py +++ b/nova/api/openstack/compute/contrib/floating_ips.py @@ -91,7 +91,7 @@ def get_instance_by_floating_ip_addr(self, context, address): def disassociate_floating_ip(self, context, instance, address): try: self.network_api.disassociate_floating_ip(context, instance, address) - except exception.NotAuthorized: + except exception.Forbidden: raise webob.exc.HTTPForbidden() except exception.CannotDisassociateAutoAssignedFloatingIP: msg = _('Cannot disassociate auto assigned floating ip') @@ -258,7 +258,7 @@ class FloatingIPActionController(wsgi.Controller): msg = _('l3driver call to add floating ip failed') raise webob.exc.HTTPBadRequest(explanation=msg) except (exception.FloatingIpNotFoundForAddress, - exception.NotAuthorized): + exception.Forbidden): msg = _('floating ip not found') raise webob.exc.HTTPNotFound(explanation=msg) except Exception: diff --git a/nova/api/openstack/compute/contrib/quotas.py b/nova/api/openstack/compute/contrib/quotas.py index f856cc9e994a..a1024b8956ce 100644 --- a/nova/api/openstack/compute/contrib/quotas.py +++ b/nova/api/openstack/compute/contrib/quotas.py @@ -103,7 +103,7 @@ class QuotaSetsController(wsgi.Controller): nova.context.authorize_project_context(context, id) return self._format_quota_set(id, self._get_quotas(context, id, user_id=user_id)) - except exception.NotAuthorized: + except exception.Forbidden: raise webob.exc.HTTPForbidden() @wsgi.serializers(xml=QuotaTemplate) @@ -133,7 +133,7 @@ class QuotaSetsController(wsgi.Controller): try: settable_quotas = QUOTAS.get_settable_quotas(context, project_id, user_id=user_id) - except exception.NotAuthorized: + except exception.Forbidden: raise webob.exc.HTTPForbidden() if not self.is_valid_body(body, 'quota_set'): @@ -165,7 +165,7 @@ class QuotaSetsController(wsgi.Controller): try: quotas = self._get_quotas(context, id, user_id=user_id, usages=True) - except exception.NotAuthorized: + except exception.Forbidden: raise webob.exc.HTTPForbidden() for key, value in quota_set.items(): @@ -227,7 +227,7 @@ class QuotaSetsController(wsgi.Controller): else: QUOTAS.destroy_all_by_project(context, id) return webob.Response(status_int=202) - except exception.NotAuthorized: + except exception.Forbidden: raise webob.exc.HTTPForbidden() raise webob.exc.HTTPNotFound() diff --git a/nova/api/openstack/compute/plugins/v3/quota_sets.py b/nova/api/openstack/compute/plugins/v3/quota_sets.py index 8b6198958d82..78a9ffab8a68 100644 --- a/nova/api/openstack/compute/plugins/v3/quota_sets.py +++ b/nova/api/openstack/compute/plugins/v3/quota_sets.py @@ -87,7 +87,7 @@ class QuotaSetsController(wsgi.Controller): nova.context.authorize_project_context(context, id) return self._format_quota_set(id, self._get_quotas(context, id, user_id=user_id)) - except exception.NotAuthorized: + except exception.Forbidden: raise webob.exc.HTTPForbidden() @extensions.expected_errors(403) @@ -100,7 +100,7 @@ class QuotaSetsController(wsgi.Controller): return self._format_quota_set(id, self._get_quotas(context, id, user_id=user_id, usages=True)) - except exception.NotAuthorized: + except exception.Forbidden: raise webob.exc.HTTPForbidden() @extensions.expected_errors((400, 403)) @@ -142,13 +142,13 @@ class QuotaSetsController(wsgi.Controller): try: settable_quotas = QUOTAS.get_settable_quotas(context, project_id, user_id=user_id) - except exception.NotAuthorized: + except exception.Forbidden: raise webob.exc.HTTPForbidden() try: quotas = self._get_quotas(context, id, user_id=user_id, usages=True) - except exception.NotAuthorized: + except exception.Forbidden: raise webob.exc.HTTPForbidden() LOG.debug(_("Force update quotas: %s"), force_update) @@ -214,7 +214,7 @@ class QuotaSetsController(wsgi.Controller): id, user_id) else: QUOTAS.destroy_all_by_project(context, id) - except exception.NotAuthorized: + except exception.Forbidden: raise webob.exc.HTTPForbidden() diff --git a/nova/api/openstack/extensions.py b/nova/api/openstack/extensions.py index c212c744459b..409d318bd5bc 100644 --- a/nova/api/openstack/extensions.py +++ b/nova/api/openstack/extensions.py @@ -401,7 +401,7 @@ def soft_extension_authorizer(api_name, extension_name): try: hard_authorize(context, action=action) return True - except exception.NotAuthorized: + except exception.Forbidden: return False return authorize diff --git a/nova/api/openstack/wsgi.py b/nova/api/openstack/wsgi.py index 385cf52821af..8a60fe6e302f 100644 --- a/nova/api/openstack/wsgi.py +++ b/nova/api/openstack/wsgi.py @@ -677,7 +677,7 @@ class ResourceExceptionHandler(object): if not ex_value: return True - if isinstance(ex_value, exception.NotAuthorized): + if isinstance(ex_value, exception.Forbidden): raise Fault(webob.exc.HTTPForbidden( explanation=ex_value.format_message())) elif isinstance(ex_value, exception.Invalid): diff --git a/nova/context.py b/nova/context.py index adcdc8d287b2..ae0d9b51fdd6 100644 --- a/nova/context.py +++ b/nova/context.py @@ -196,35 +196,35 @@ def require_admin_context(ctxt): def require_context(ctxt): - """Raise exception.NotAuthorized() if context is not a user or an + """Raise exception.Forbidden() if context is not a user or an admin context. """ if not ctxt.is_admin and not is_user_context(ctxt): - raise exception.NotAuthorized() + raise exception.Forbidden() def authorize_project_context(context, project_id): """Ensures a request has permission to access the given project.""" if is_user_context(context): if not context.project_id: - raise exception.NotAuthorized() + raise exception.Forbidden() elif context.project_id != project_id: - raise exception.NotAuthorized() + raise exception.Forbidden() def authorize_user_context(context, user_id): """Ensures a request has permission to access the given user.""" if is_user_context(context): if not context.user_id: - raise exception.NotAuthorized() + raise exception.Forbidden() elif context.user_id != user_id: - raise exception.NotAuthorized() + raise exception.Forbidden() def authorize_quota_class_context(context, class_name): """Ensures a request has permission to access the given quota class.""" if is_user_context(context): if not context.quota_class: - raise exception.NotAuthorized() + raise exception.Forbidden() elif context.quota_class != class_name: - raise exception.NotAuthorized() + raise exception.Forbidden() diff --git a/nova/exception.py b/nova/exception.py index 600923b87501..ae723491f282 100644 --- a/nova/exception.py +++ b/nova/exception.py @@ -161,17 +161,17 @@ class GlanceConnectionFailed(NovaException): "%(reason)s") -class NotAuthorized(NovaException): +class Forbidden(NovaException): ec2_code = 'AuthFailure' msg_fmt = _("Not authorized.") code = 403 -class AdminRequired(NotAuthorized): +class AdminRequired(Forbidden): msg_fmt = _("User does not have admin privileges") -class PolicyNotAuthorized(NotAuthorized): +class PolicyNotAuthorized(Forbidden): msg_fmt = _("Policy doesn't allow %(action)s to be performed.") @@ -625,7 +625,7 @@ class NetworkRequiresSubnet(Invalid): " instances on.") -class ExternalNetworkAttachForbidden(NotAuthorized): +class ExternalNetworkAttachForbidden(Forbidden): msg_fmt = _("It is not allowed to create an interface on " "external network %(network_uuid)s") diff --git a/nova/image/glance.py b/nova/image/glance.py index cb3bd6585845..1245a5c64477 100644 --- a/nova/image/glance.py +++ b/nova/image/glance.py @@ -571,7 +571,7 @@ def _translate_image_exception(image_id, exc_value): def _translate_plain_exception(exc_value): if isinstance(exc_value, (glanceclient.exc.Forbidden, glanceclient.exc.Unauthorized)): - return exception.NotAuthorized(unicode(exc_value)) + return exception.Forbidden(unicode(exc_value)) if isinstance(exc_value, glanceclient.exc.NotFound): return exception.NotFound(unicode(exc_value)) if isinstance(exc_value, glanceclient.exc.BadRequest): diff --git a/nova/keymgr/mock_key_mgr.py b/nova/keymgr/mock_key_mgr.py index 6af88683a1bc..51684fec46d1 100644 --- a/nova/keymgr/mock_key_mgr.py +++ b/nova/keymgr/mock_key_mgr.py @@ -72,10 +72,10 @@ class MockKeyManager(key_mgr.KeyManager): """Creates a key. This implementation returns a UUID for the created key. A - NotAuthorized exception is raised if the specified context is None. + Forbidden exception is raised if the specified context is None. """ if ctxt is None: - raise exception.NotAuthorized() + raise exception.Forbidden() key = self._generate_key(**kwargs) return self.store_key(ctxt, key) @@ -90,7 +90,7 @@ class MockKeyManager(key_mgr.KeyManager): def store_key(self, ctxt, key, **kwargs): """Stores (i.e., registers) a key with the key manager.""" if ctxt is None: - raise exception.NotAuthorized() + raise exception.Forbidden() key_id = self._generate_key_id() self.keys[key_id] = key @@ -99,7 +99,7 @@ class MockKeyManager(key_mgr.KeyManager): def copy_key(self, ctxt, key_id, **kwargs): if ctxt is None: - raise exception.NotAuthorized() + raise exception.Forbidden() copied_key_id = self._generate_key_id() self.keys[copied_key_id] = self.keys[key_id] @@ -110,21 +110,21 @@ class MockKeyManager(key_mgr.KeyManager): """Retrieves the key identified by the specified id. This implementation returns the key that is associated with the - specified UUID. A NotAuthorized exception is raised if the specified + specified UUID. A Forbidden exception is raised if the specified context is None; a KeyError is raised if the UUID is invalid. """ if ctxt is None: - raise exception.NotAuthorized() + raise exception.Forbidden() return self.keys[key_id] def delete_key(self, ctxt, key_id, **kwargs): """Deletes the key identified by the specified id. - A NotAuthorized exception is raised if the context is None and a + A Forbidden exception is raised if the context is None and a KeyError is raised if the UUID is invalid. """ if ctxt is None: - raise exception.NotAuthorized() + raise exception.Forbidden() del self.keys[key_id] diff --git a/nova/keymgr/single_key_mgr.py b/nova/keymgr/single_key_mgr.py index 586413525597..b6d4f35d01ca 100644 --- a/nova/keymgr/single_key_mgr.py +++ b/nova/keymgr/single_key_mgr.py @@ -63,7 +63,7 @@ class SingleKeyManager(mock_key_mgr.MockKeyManager): def delete_key(self, ctxt, key_id, **kwargs): if ctxt is None: - raise exception.NotAuthorized() + raise exception.Forbidden() if key_id != self.key_id: raise exception.KeyManagerError( diff --git a/nova/network/floating_ips.py b/nova/network/floating_ips.py index a69056d30b8c..c38cf8a5fe95 100644 --- a/nova/network/floating_ips.py +++ b/nova/network/floating_ips.py @@ -199,13 +199,13 @@ class FloatingIP(object): if floating_ip.project_id is None: LOG.warn(_('Address |%(address)s| is not allocated'), {'address': floating_ip.address}) - raise exception.NotAuthorized() + raise exception.Forbidden() else: LOG.warn(_('Address |%(address)s| is not allocated to your ' 'project |%(project)s|'), {'address': floating_ip.address, 'project': context.project_id}) - raise exception.NotAuthorized() + raise exception.Forbidden() def allocate_floating_ip(self, context, project_id, auto_assigned=False, pool=None): @@ -532,7 +532,7 @@ class FloatingIP(object): def _is_stale_floating_ip_address(self, context, floating_ip): try: self._floating_ip_owned_by_project(context, floating_ip) - except exception.NotAuthorized: + except exception.Forbidden: return True return False if floating_ip.get('fixed_ip_id') else True diff --git a/nova/tests/api/openstack/compute/contrib/test_flavors_extra_specs.py b/nova/tests/api/openstack/compute/contrib/test_flavors_extra_specs.py index 16b9c5dd7192..3658733b7ad4 100644 --- a/nova/tests/api/openstack/compute/contrib/test_flavors_extra_specs.py +++ b/nova/tests/api/openstack/compute/contrib/test_flavors_extra_specs.py @@ -111,7 +111,7 @@ class FlavorsExtraSpecsTest(test.TestCase): req = fakes.HTTPRequest.blank('/v2/fake/flavors/1/os-extra_specs' + '/key5') - self.assertRaises(exception.NotAuthorized, self.controller.delete, + self.assertRaises(exception.Forbidden, self.controller.delete, req, 1, 'key 5') def test_delete_spec_not_found(self): @@ -139,7 +139,7 @@ class FlavorsExtraSpecsTest(test.TestCase): body = {"extra_specs": {"key1": "value1"}} req = fakes.HTTPRequest.blank('/v2/fake/flavors/1/os-extra_specs') - self.assertRaises(exception.NotAuthorized, self.controller.create, + self.assertRaises(exception.Forbidden, self.controller.create, req, 1, body) def _test_create_bad_request(self, body): @@ -216,7 +216,7 @@ class FlavorsExtraSpecsTest(test.TestCase): req = fakes.HTTPRequest.blank('/v2/fake/flavors/1/os-extra_specs' + '/key1') - self.assertRaises(exception.NotAuthorized, self.controller.update, + self.assertRaises(exception.Forbidden, self.controller.update, req, 1, 'key1', body) def _test_update_item_bad_request(self, body): diff --git a/nova/tests/api/openstack/compute/contrib/test_floating_ips.py b/nova/tests/api/openstack/compute/contrib/test_floating_ips.py index 0f71de94d71c..eed4b86cd61b 100644 --- a/nova/tests/api/openstack/compute/contrib/test_floating_ips.py +++ b/nova/tests/api/openstack/compute/contrib/test_floating_ips.py @@ -406,7 +406,7 @@ class FloatingIpTest(test.TestCase): def fake_associate_floating_ip(self, context, instance, floating_address, fixed_address, affect_auto_assigned=False): - raise exception.NotAuthorized() + raise exception.Forbidden() self.stubs.Set(network.api.API, "associate_floating_ip", fake_associate_floating_ip) floating_ip = '10.10.10.11' @@ -544,7 +544,7 @@ class FloatingIpTest(test.TestCase): return 'test_inst' def network_api_disassociate(self, context, instance, address): - raise exception.NotAuthorized() + raise exception.Forbidden() self.stubs.Set(network.api.API, "get_floating_ip_by_address", fake_get_floating_ip_addr_auto_assigned) diff --git a/nova/tests/api/openstack/compute/contrib/test_fping.py b/nova/tests/api/openstack/compute/contrib/test_fping.py index 2a01bb40e033..52f9fc1c333e 100644 --- a/nova/tests/api/openstack/compute/contrib/test_fping.py +++ b/nova/tests/api/openstack/compute/contrib/test_fping.py @@ -58,7 +58,7 @@ class FpingTest(test.TestCase): def test_fping_index_policy(self): req = fakes.HTTPRequest.blank("/v2/1234/os-fping?all_tenants=1") - self.assertRaises(exception.NotAuthorized, self.controller.index, req) + self.assertRaises(exception.Forbidden, self.controller.index, req) req = fakes.HTTPRequest.blank("/v2/1234/os-fping?all_tenants=1") req.environ["nova.context"].is_admin = True res_dict = self.controller.index(req) diff --git a/nova/tests/api/openstack/compute/contrib/test_instance_actions.py b/nova/tests/api/openstack/compute/contrib/test_instance_actions.py index 865f5b358ffb..1a85fedc9eb4 100644 --- a/nova/tests/api/openstack/compute/contrib/test_instance_actions.py +++ b/nova/tests/api/openstack/compute/contrib/test_instance_actions.py @@ -85,7 +85,7 @@ class InstanceActionsPolicyTest(test.NoDBTestCase): self.stubs.Set(db, 'instance_get_by_uuid', fake_instance_get_by_uuid) req = fakes.HTTPRequest.blank('/v2/123/servers/12/os-instance-actions') - self.assertRaises(exception.NotAuthorized, self.controller.index, req, + self.assertRaises(exception.Forbidden, self.controller.index, req, str(uuid.uuid4())) def test_get_action_restricted_by_project(self): @@ -104,7 +104,7 @@ class InstanceActionsPolicyTest(test.NoDBTestCase): self.stubs.Set(db, 'instance_get_by_uuid', fake_instance_get_by_uuid) req = fakes.HTTPRequest.blank( '/v2/123/servers/12/os-instance-actions/1') - self.assertRaises(exception.NotAuthorized, self.controller.show, req, + self.assertRaises(exception.Forbidden, self.controller.show, req, str(uuid.uuid4()), '1') diff --git a/nova/tests/api/openstack/compute/contrib/test_keypairs.py b/nova/tests/api/openstack/compute/contrib/test_keypairs.py index 2a80f18adde6..7434ddd69716 100644 --- a/nova/tests/api/openstack/compute/contrib/test_keypairs.py +++ b/nova/tests/api/openstack/compute/contrib/test_keypairs.py @@ -384,7 +384,7 @@ class KeypairPolicyTest(test.TestCase): policy.parse_rule('role:admin')}) policy.set_rules(rules) req = fakes.HTTPRequest.blank('/v2/fake/os-keypairs') - self.assertRaises(exception.NotAuthorized, + self.assertRaises(exception.Forbidden, self.KeyPairController.index, req) @@ -401,7 +401,7 @@ class KeypairPolicyTest(test.TestCase): policy.parse_rule('role:admin')}) policy.set_rules(rules) req = fakes.HTTPRequest.blank('/v2/fake/os-keypairs/FAKE') - self.assertRaises(exception.NotAuthorized, + self.assertRaises(exception.Forbidden, self.KeyPairController.show, req, 'FAKE') @@ -419,7 +419,7 @@ class KeypairPolicyTest(test.TestCase): policy.set_rules(rules) req = fakes.HTTPRequest.blank('/v2/fake/os-keypairs') req.method = 'POST' - self.assertRaises(exception.NotAuthorized, + self.assertRaises(exception.Forbidden, self.KeyPairController.create, req, {}) @@ -439,7 +439,7 @@ class KeypairPolicyTest(test.TestCase): policy.set_rules(rules) req = fakes.HTTPRequest.blank('/v2/fake/os-keypairs/FAKE') req.method = 'DELETE' - self.assertRaises(exception.NotAuthorized, + self.assertRaises(exception.Forbidden, self.KeyPairController.delete, req, 'FAKE') diff --git a/nova/tests/api/openstack/compute/contrib/test_shelve.py b/nova/tests/api/openstack/compute/contrib/test_shelve.py index 4cd393991041..40bedf2309e0 100644 --- a/nova/tests/api/openstack/compute/contrib/test_shelve.py +++ b/nova/tests/api/openstack/compute/contrib/test_shelve.py @@ -46,7 +46,7 @@ class ShelvePolicyTest(test.NoDBTestCase): policy.set_rules(rules) req = fakes.HTTPRequest.blank('/v2/123/servers/12/os-shelve') - self.assertRaises(exception.NotAuthorized, self.controller._shelve, + self.assertRaises(exception.Forbidden, self.controller._shelve, req, str(uuid.uuid4()), {}) def test_shelve_allowed(self): @@ -57,7 +57,7 @@ class ShelvePolicyTest(test.NoDBTestCase): self.stubs.Set(db, 'instance_get_by_uuid', fake_instance_get_by_uuid) req = fakes.HTTPRequest.blank('/v2/123/servers/12/os-shelve') - self.assertRaises(exception.NotAuthorized, self.controller._shelve, + self.assertRaises(exception.Forbidden, self.controller._shelve, req, str(uuid.uuid4()), {}) def test_shelve_locked_server(self): @@ -75,7 +75,7 @@ class ShelvePolicyTest(test.NoDBTestCase): policy.set_rules(rules) req = fakes.HTTPRequest.blank('/v2/123/servers/12/os-shelve') - self.assertRaises(exception.NotAuthorized, self.controller._unshelve, + self.assertRaises(exception.Forbidden, self.controller._unshelve, req, str(uuid.uuid4()), {}) def test_unshelve_allowed(self): @@ -86,7 +86,7 @@ class ShelvePolicyTest(test.NoDBTestCase): self.stubs.Set(db, 'instance_get_by_uuid', fake_instance_get_by_uuid) req = fakes.HTTPRequest.blank('/v2/123/servers/12/os-shelve') - self.assertRaises(exception.NotAuthorized, self.controller._unshelve, + self.assertRaises(exception.Forbidden, self.controller._unshelve, req, str(uuid.uuid4()), {}) def test_unshelve_locked_server(self): @@ -104,7 +104,7 @@ class ShelvePolicyTest(test.NoDBTestCase): policy.set_rules(rules) req = fakes.HTTPRequest.blank('/v2/123/servers/12/os-shelve') - self.assertRaises(exception.NotAuthorized, + self.assertRaises(exception.Forbidden, self.controller._shelve_offload, req, str(uuid.uuid4()), {}) def test_shelve_offload_allowed(self): @@ -115,7 +115,7 @@ class ShelvePolicyTest(test.NoDBTestCase): self.stubs.Set(db, 'instance_get_by_uuid', fake_instance_get_by_uuid) req = fakes.HTTPRequest.blank('/v2/123/servers/12/os-shelve') - self.assertRaises(exception.NotAuthorized, + self.assertRaises(exception.Forbidden, self.controller._shelve_offload, req, str(uuid.uuid4()), {}) def test_shelve_offload_locked_server(self): diff --git a/nova/tests/api/openstack/compute/plugins/v3/test_extension_info.py b/nova/tests/api/openstack/compute/plugins/v3/test_extension_info.py index a4cb07f93c9d..38905a4702c8 100644 --- a/nova/tests/api/openstack/compute/plugins/v3/test_extension_info.py +++ b/nova/tests/api/openstack/compute/plugins/v3/test_extension_info.py @@ -41,7 +41,7 @@ def fake_policy_enforce(context, action, target, do_raise=True): def fake_policy_enforce_selective(context, action, target, do_raise=True): if action == 'compute_extension:v3:ext1-alias:discoverable': - raise exception.NotAuthorized + raise exception.Forbidden else: return True diff --git a/nova/tests/api/openstack/compute/plugins/v3/test_flavors_extra_specs.py b/nova/tests/api/openstack/compute/plugins/v3/test_flavors_extra_specs.py index 28f66d968b97..ce294845dae3 100644 --- a/nova/tests/api/openstack/compute/plugins/v3/test_flavors_extra_specs.py +++ b/nova/tests/api/openstack/compute/plugins/v3/test_flavors_extra_specs.py @@ -109,7 +109,7 @@ class FlavorsExtraSpecsTest(test.TestCase): delete_flavor_extra_specs) req = fakes.HTTPRequestV3.blank('/flavors/1/extra-specs/key5') - self.assertRaises(exception.NotAuthorized, self.controller.delete, + self.assertRaises(exception.Forbidden, self.controller.delete, req, 1, 'key 5') def test_delete_spec_not_found(self): @@ -138,7 +138,7 @@ class FlavorsExtraSpecsTest(test.TestCase): body = {"extra_specs": {"key1": "value1"}} req = fakes.HTTPRequestV3.blank('/flavors/1/extra-specs') - self.assertRaises(exception.NotAuthorized, self.controller.create, + self.assertRaises(exception.Forbidden, self.controller.create, req, 1, body) def test_create_empty_body(self): @@ -223,7 +223,7 @@ class FlavorsExtraSpecsTest(test.TestCase): body = {"key1": "value1"} req = fakes.HTTPRequestV3.blank('/flavors/1/extra-specs/key1') - self.assertRaises(exception.NotAuthorized, self.controller.update, + self.assertRaises(exception.Forbidden, self.controller.update, req, 1, 'key1', body) def test_update_item_empty_body(self): diff --git a/nova/tests/api/openstack/compute/plugins/v3/test_instance_actions.py b/nova/tests/api/openstack/compute/plugins/v3/test_instance_actions.py index 483f8b3d5e47..8cdb649299fb 100644 --- a/nova/tests/api/openstack/compute/plugins/v3/test_instance_actions.py +++ b/nova/tests/api/openstack/compute/plugins/v3/test_instance_actions.py @@ -89,7 +89,7 @@ class ServerActionsPolicyTest(test.NoDBTestCase): self.stubs.Set(db, 'instance_get_by_uuid', fake_instance_get_by_uuid) req = fakes.HTTPRequestV3.blank('/servers/12/os-server-actions') - self.assertRaises(exception.NotAuthorized, self.controller.index, req, + self.assertRaises(exception.Forbidden, self.controller.index, req, str(uuid.uuid4())) def test_get_action_restricted_by_project(self): @@ -107,7 +107,7 @@ class ServerActionsPolicyTest(test.NoDBTestCase): self.stubs.Set(db, 'instance_get_by_uuid', fake_instance_get_by_uuid) req = fakes.HTTPRequestV3.blank( '/servers/12/os-server-actions/1') - self.assertRaises(exception.NotAuthorized, self.controller.show, req, + self.assertRaises(exception.Forbidden, self.controller.show, req, str(uuid.uuid4()), '1') diff --git a/nova/tests/api/openstack/compute/plugins/v3/test_keypairs.py b/nova/tests/api/openstack/compute/plugins/v3/test_keypairs.py index 9e67ea73a4fe..a8f1dabf5c17 100644 --- a/nova/tests/api/openstack/compute/plugins/v3/test_keypairs.py +++ b/nova/tests/api/openstack/compute/plugins/v3/test_keypairs.py @@ -403,7 +403,7 @@ class KeypairPolicyTest(test.TestCase): policy.parse_rule('role:admin')}) policy.set_rules(rules) req = fakes.HTTPRequestV3.blank('/keypairs') - self.assertRaises(exception.NotAuthorized, + self.assertRaises(exception.Forbidden, self.KeyPairController.index, req) @@ -420,7 +420,7 @@ class KeypairPolicyTest(test.TestCase): policy.parse_rule('role:admin')}) policy.set_rules(rules) req = fakes.HTTPRequestV3.blank('/keypairs/FAKE') - self.assertRaises(exception.NotAuthorized, + self.assertRaises(exception.Forbidden, self.KeyPairController.show, req, 'FAKE') @@ -438,7 +438,7 @@ class KeypairPolicyTest(test.TestCase): policy.set_rules(rules) req = fakes.HTTPRequestV3.blank('/keypairs') req.method = 'POST' - self.assertRaises(exception.NotAuthorized, + self.assertRaises(exception.Forbidden, self.KeyPairController.create, req, body={'keypair': {'name': 'create_test'}}) @@ -458,7 +458,7 @@ class KeypairPolicyTest(test.TestCase): policy.set_rules(rules) req = fakes.HTTPRequestV3.blank('/keypairs/FAKE') req.method = 'DELETE' - self.assertRaises(exception.NotAuthorized, + self.assertRaises(exception.Forbidden, self.KeyPairController.delete, req, 'FAKE') diff --git a/nova/tests/api/openstack/compute/plugins/v3/test_shelve.py b/nova/tests/api/openstack/compute/plugins/v3/test_shelve.py index 59f6450f8c8a..a8f851cb5c94 100644 --- a/nova/tests/api/openstack/compute/plugins/v3/test_shelve.py +++ b/nova/tests/api/openstack/compute/plugins/v3/test_shelve.py @@ -46,7 +46,7 @@ class ShelvePolicyTest(test.NoDBTestCase): policy.set_rules(rules) req = fakes.HTTPRequestV3.blank('/servers/12/os-shelve') - self.assertRaises(exception.NotAuthorized, self.controller._shelve, + self.assertRaises(exception.Forbidden, self.controller._shelve, req, str(uuid.uuid4()), {}) def test_shelve_allowed(self): @@ -57,7 +57,7 @@ class ShelvePolicyTest(test.NoDBTestCase): self.stubs.Set(db, 'instance_get_by_uuid', fake_instance_get_by_uuid) req = fakes.HTTPRequestV3.blank('/servers/12/os-shelve') - self.assertRaises(exception.NotAuthorized, self.controller._shelve, + self.assertRaises(exception.Forbidden, self.controller._shelve, req, str(uuid.uuid4()), {}) def test_shelve_locked_server(self): @@ -75,7 +75,7 @@ class ShelvePolicyTest(test.NoDBTestCase): policy.set_rules(rules) req = fakes.HTTPRequestV3.blank('/servers/12/os-shelve') - self.assertRaises(exception.NotAuthorized, self.controller._unshelve, + self.assertRaises(exception.Forbidden, self.controller._unshelve, req, str(uuid.uuid4()), {}) def test_unshelve_allowed(self): @@ -86,7 +86,7 @@ class ShelvePolicyTest(test.NoDBTestCase): self.stubs.Set(db, 'instance_get_by_uuid', fake_instance_get_by_uuid) req = fakes.HTTPRequestV3.blank('/servers/12/os-shelve') - self.assertRaises(exception.NotAuthorized, self.controller._unshelve, + self.assertRaises(exception.Forbidden, self.controller._unshelve, req, str(uuid.uuid4()), {}) def test_unshelve_locked_server(self): @@ -104,7 +104,7 @@ class ShelvePolicyTest(test.NoDBTestCase): policy.set_rules(rules) req = fakes.HTTPRequestV3.blank('/servers/12/os-shelve') - self.assertRaises(exception.NotAuthorized, + self.assertRaises(exception.Forbidden, self.controller._shelve_offload, req, str(uuid.uuid4()), {}) def test_shelve_offload_allowed(self): @@ -115,7 +115,7 @@ class ShelvePolicyTest(test.NoDBTestCase): self.stubs.Set(db, 'instance_get_by_uuid', fake_instance_get_by_uuid) req = fakes.HTTPRequestV3.blank('/servers/12/os-shelve') - self.assertRaises(exception.NotAuthorized, + self.assertRaises(exception.Forbidden, self.controller._shelve_offload, req, str(uuid.uuid4()), {}) def test_shelve_offload_locked_server(self): diff --git a/nova/tests/api/openstack/test_wsgi.py b/nova/tests/api/openstack/test_wsgi.py index 018ee55f89ed..2759f64ccce7 100644 --- a/nova/tests/api/openstack/test_wsgi.py +++ b/nova/tests/api/openstack/test_wsgi.py @@ -441,7 +441,7 @@ class ResourceTest(test.NoDBTestCase): def test_resource_not_authorized(self): class Controller(object): def index(self, req): - raise exception.NotAuthorized() + raise exception.Forbidden() req = webob.Request.blank('/tests') app = fakes.TestRouter(Controller()) diff --git a/nova/tests/compute/test_compute.py b/nova/tests/compute/test_compute.py index a61a45fcc733..e34a7b671787 100644 --- a/nova/tests/compute/test_compute.py +++ b/nova/tests/compute/test_compute.py @@ -2702,7 +2702,7 @@ class ComputeTestCase(BaseTestCase): """Ensure expected exception is raised if set_admin_password not authorized. """ - exc = exception.NotAuthorized(_('Internal error')) + exc = exception.Forbidden(_('Internal error')) expected_exception = exception.InstancePasswordSetFailed self._do_test_set_admin_password_driver_error(exc, vm_states.ERROR, diff --git a/nova/tests/db/test_db_api.py b/nova/tests/db/test_db_api.py index 4916db36eec9..d3b5689f04ad 100644 --- a/nova/tests/db/test_db_api.py +++ b/nova/tests/db/test_db_api.py @@ -3545,7 +3545,7 @@ class FixedIPTestCase(BaseInstanceTypeTestCase): fixed_ip_id = db.fixed_ip_create(self.ctxt, param) self.ctxt.is_admin = False - self.assertRaises(exception.NotAuthorized, db.fixed_ip_get, + self.assertRaises(exception.Forbidden, db.fixed_ip_get, self.ctxt, fixed_ip_id) def test_fixed_ip_get_success(self): @@ -3765,7 +3765,7 @@ class FloatingIpTestCase(test.TestCase, ModelsObjectComparatorMixin): def test_floating_ip_allocate_not_authorized(self): ctxt = context.RequestContext(user_id='a', project_id='abc', is_admin=False) - self.assertRaises(exception.NotAuthorized, + self.assertRaises(exception.Forbidden, db.floating_ip_allocate_address, ctxt, 'other_project_id', 'any_pool') @@ -4011,7 +4011,7 @@ class FloatingIpTestCase(test.TestCase, ModelsObjectComparatorMixin): def test_floating_ip_get_all_by_project_not_authorized(self): ctxt = context.RequestContext(user_id='a', project_id='abc', is_admin=False) - self.assertRaises(exception.NotAuthorized, + self.assertRaises(exception.Forbidden, db.floating_ip_get_all_by_project, ctxt, 'other_project') diff --git a/nova/tests/image/test_glance.py b/nova/tests/image/test_glance.py index 51efa905cd72..47ce5bdd4437 100644 --- a/nova/tests/image/test_glance.py +++ b/nova/tests/image/test_glance.py @@ -777,14 +777,14 @@ class TestDetail(test.NoDBTestCase): ext_query_mock, reraise_mock): params = {} ext_query_mock.return_value = params - raised = exception.NotAuthorized() + raised = exception.Forbidden() client = mock.MagicMock() client.call.side_effect = glanceclient.exc.Forbidden ctx = mock.sentinel.ctx reraise_mock.side_effect = raised service = glance.GlanceImageService(client) - with testtools.ExpectedException(exception.NotAuthorized): + with testtools.ExpectedException(exception.Forbidden): service.detail(ctx, **params) client.call.assert_called_once_with(ctx, 1, 'list') diff --git a/nova/tests/keymgr/test_mock_key_mgr.py b/nova/tests/keymgr/test_mock_key_mgr.py index 4c18158c8630..3d56da08a45f 100644 --- a/nova/tests/keymgr/test_mock_key_mgr.py +++ b/nova/tests/keymgr/test_mock_key_mgr.py @@ -49,7 +49,7 @@ class MockKeyManagerTestCase(test_key_mgr.KeyManagerTestCase): self.assertEqual(length / 8, len(key.get_encoded())) def test_create_null_context(self): - self.assertRaises(exception.NotAuthorized, + self.assertRaises(exception.Forbidden, self.key_mgr.create_key, None) def test_store_key(self): @@ -61,7 +61,7 @@ class MockKeyManagerTestCase(test_key_mgr.KeyManagerTestCase): self.assertEqual(_key, actual_key) def test_store_null_context(self): - self.assertRaises(exception.NotAuthorized, + self.assertRaises(exception.Forbidden, self.key_mgr.store_key, None, None) def test_copy_key(self): @@ -75,14 +75,14 @@ class MockKeyManagerTestCase(test_key_mgr.KeyManagerTestCase): self.assertEqual(key, copied_key) def test_copy_null_context(self): - self.assertRaises(exception.NotAuthorized, + self.assertRaises(exception.Forbidden, self.key_mgr.copy_key, None, None) def test_get_key(self): pass def test_get_null_context(self): - self.assertRaises(exception.NotAuthorized, + self.assertRaises(exception.Forbidden, self.key_mgr.get_key, None, None) def test_get_unknown_key(self): @@ -95,7 +95,7 @@ class MockKeyManagerTestCase(test_key_mgr.KeyManagerTestCase): self.assertRaises(KeyError, self.key_mgr.get_key, self.ctxt, key_id) def test_delete_null_context(self): - self.assertRaises(exception.NotAuthorized, + self.assertRaises(exception.Forbidden, self.key_mgr.delete_key, None, None) def test_delete_unknown_key(self): diff --git a/nova/tests/keymgr/test_single_key_mgr.py b/nova/tests/keymgr/test_single_key_mgr.py index 8b595723fd57..d6e71a644185 100644 --- a/nova/tests/keymgr/test_single_key_mgr.py +++ b/nova/tests/keymgr/test_single_key_mgr.py @@ -51,7 +51,7 @@ class SingleKeyManagerTestCase(test_mock_key_mgr.MockKeyManagerTestCase): pass def test_store_null_context(self): - self.assertRaises(exception.NotAuthorized, + self.assertRaises(exception.Forbidden, self.key_mgr.store_key, None, self.key) def test_copy_key(self): diff --git a/nova/tests/network/test_manager.py b/nova/tests/network/test_manager.py index f7f3f580369c..62ea9be7b072 100644 --- a/nova/tests/network/test_manager.py +++ b/nova/tests/network/test_manager.py @@ -909,7 +909,7 @@ class VlanNetworkTestCase(test.TestCase): # raises because floating_ip project_id is None floating_ip = floating_ip_obj.FloatingIP(address='10.0.0.1', project_id=None) - self.assertRaises(exception.NotAuthorized, + self.assertRaises(exception.Forbidden, self.network._floating_ip_owned_by_project, ctxt, floating_ip) @@ -917,7 +917,7 @@ class VlanNetworkTestCase(test.TestCase): # raises because floating_ip project_id is not equal to ctxt project_id floating_ip = floating_ip_obj.FloatingIP( address='10.0.0.1', project_id=ctxt.project_id + '1') - self.assertRaises(exception.NotAuthorized, + self.assertRaises(exception.Forbidden, self.network._floating_ip_owned_by_project, ctxt, floating_ip) @@ -1360,14 +1360,14 @@ class VlanNetworkTestCase(test.TestCase): **networks[1])) # Associate the IP with non-admin user context - self.assertRaises(exception.NotAuthorized, + self.assertRaises(exception.Forbidden, self.network.associate_floating_ip, context2, float_addr, fix_addr) # Deallocate address from other project - self.assertRaises(exception.NotAuthorized, + self.assertRaises(exception.Forbidden, self.network.deallocate_floating_ip, context2, float_addr) @@ -1376,7 +1376,7 @@ class VlanNetworkTestCase(test.TestCase): self.network.associate_floating_ip(context1, float_addr, fix_addr) # Now try dis-associating from other project - self.assertRaises(exception.NotAuthorized, + self.assertRaises(exception.Forbidden, self.network.disassociate_floating_ip, context2, float_addr)